1. Field of the Invention
The invention relates to an apparatus and a method for reproducing user data stored in encrypted form on a recording medium, as well as to an integrated circuit for use in such an apparatus or method. The invention refers particularly to the protection of information stored on removable recording media, such as video data on a DVD.
If user data, e.g., video data, audio data, software or application data, is stored on a removable recording medium in encrypted form, it is most often required that an authorized application can read and use said user data, if allowed, from such removable recording media without the need to retrieve the decryption key from a separate location, such as the Internet. Hence, the decryption key has to be stored on the medium together with the encrypted user data.
2. Description of the Related Art
However, the decryption key has to be hidden from an unauthorized access. Known techniques for hiding the decryption key are the use of a media-key-block with secret player keys which are, for instance, used in the known Content Scrambling System (CSS) and in Content Protection for Recordable Media (CPRM). Another method for hiding the decryption key in electronic signals using secret signal processing methods is known from U.S. Pat. No. 6,157,606. Therein, a master key is used for encrypting main data in a pit-width direction by changing a light amount of a laser beam to then record it on an optical recording medium.
In the current protection systems, such as CSS and CPRM, the calculation of the decryption key is performed inside an authorized PC application running in an application unit of a PC. These authorized applications contain protection mechanisms against the extraction of secrets, such as player keys needed for media-key-block calculation, and against any modification of the behavior of the application, such as providing any protected data in the clear to other applications. These protection mechanisms for PC software applications are, however, known to be weak and to fail regularly. If the authorized application and/or the application unit is tampered with by hackers, it could be changed such that it provides the hacker with the decryption key of the protected user data. The hacker would now be able to extract and publish the decryption keys of many published recording media, which would allow other hackers to get easy access to the protected user data using unauthorized applications.
This is a serious security problem. The illegal distribution of decryption keys does potentially produce more damage than the illegal distribution of protected user data in the clear because the protected user data includes a large amount of data, usually many megabytes and is, therefore, time-consuming. In contrast, the decryption keys include only a small amount of data, usually not much more than one kilobyte, and can be distributed quickly and widely.